🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Vulnerabilities protected by our Directory Traversal (Requesting wp-config.php) firewall rule

506,251

Attacks Blocked in Past 24 Hours

Showing 201-220 of 225 Vulnerabilities

Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion

8.8

CVE-2022-2431

Jul 27, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal

9.1

CVE-2023-5105

Nov 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

9.1

CVE-2023-5414

Oct 11, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API

9.1

CVE-2021-24638

Aug 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

WP Fastest Cache <= 0.8.9.5 - Directory Traversal

9.1

CVE-2019-13635

Jul 28, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Real3D Flipbook <= 1.0.0 - Directory Traversal

9.1

CVE-2016-10965

Jul 3, 2016

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Image Export < 1.1.1 - Path Traversal

9.1

CVE-2015-5609

Jul 1, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Formcraft (Unknown Versions) - Arbitrary File Deletion

9.1

CVE ID Unknown

Sep 17, 2014

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

DejaVu <= 2.4 - Arbitrary File Download

9.1

CVE ID Unknown

Dec 17, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Method <= 2.1 - Arbitrary File Deletion

9.1

CVE ID Unknown

Dec 17, 2013

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read

9.4

CVE ID Unknown

May 13, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion

9.8

CVE ID Unknown

Jul 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Admin Word Count Column <= 2.2 - Arbitrary File Read

9.8

CVE ID Unknown

Mar 27, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution

9.8

CVE-2020-10564

Mar 13, 2020

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

9.8

CVE ID Unknown

Sep 9, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WPS Child Theme Generator < 1.2 - Directory Traversal

9.8

CVE-2019-15822

Jul 23, 2019

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal

9.8

CVE-2018-16283

Sep 19, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation

9.8

CVE-2018-19042

May 11, 2018

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Membership Simplified <= 1.58 - Arbitrary File Download

9.8

CVE-2017-1002008

Mar 13, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal

9.8

CVE-2015-4414

Jun 6, 2015

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion	CVE-2022-2431	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 27, 2022
Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal	CVE-2023-5105	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	November 13, 2023
Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read	CVE-2023-5414	9.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	October 11, 2023
OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API	CVE-2021-24638	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	August 23, 2021
WP Fastest Cache <= 0.8.9.5 - Directory Traversal	CVE-2019-13635	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	July 28, 2019
Real3D Flipbook <= 1.0.0 - Directory Traversal	CVE-2016-10965	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	July 3, 2016
Image Export < 1.1.1 - Path Traversal	CVE-2015-5609	9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N	July 1, 2015
Formcraft (Unknown Versions) - Arbitrary File Deletion		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	September 17, 2014
DejaVu <= 2.4 - Arbitrary File Download		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	December 17, 2013
Method <= 2.1 - Arbitrary File Deletion		9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	December 17, 2013
Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.0.45 - Arbitrary File Deletion/Read		9.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L	May 13, 2019
Dynamic Font Replacement DFR4WP EN <= 1.3 EN - Arbitrary File Deletion		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 12, 2022
Admin Word Count Column <= 2.2 - Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 27, 2022
WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution	CVE-2020-10564	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2020
Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read		9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 9, 2019
WPS Child Theme Generator < 1.2 - Directory Traversal	CVE-2019-15822	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	July 23, 2019
微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal	CVE-2018-16283	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	September 19, 2018
Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation	CVE-2018-19042	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2018
Membership Simplified <= 1.58 - Arbitrary File Download	CVE-2017-1002008	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	March 13, 2017
SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal	CVE-2015-4414	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	June 6, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation